IE Design Flaw Lets Hacker Crack Google Desktop

An Israeli hacker pinpoints a vulnerability in the cross-domain protections in Internet Explorer and publishes a proof-of-concept exploit to show how Google Desktop can be cracked to hijack sensitive user data.

An unpatched design flaw in Microsoft Corp.'s Internet Explorer browser could give malicious hackers an easy way to use the Google Desktop application to covertly hijack user information.

Matan Gillon, a hacker from Israel, discovered the vulnerability in the cross-domain protections in Internet Explorer and published a proof-of-concept exploit to show how Google Desktop can be cracked.

"The proof of concept works on a fully patched IE browser (default security and privacy settings) with Google Desktop v2 installed," Gillon said in a note sent to Ziff Davis Internet News.

He also published a detailed explanation of the vulnerability and warned that an attacker simply needs to lure a target to visit a malicious Web page. "Much like classic XSS (cross site scripting) holes, this design flaw in IE allows an attacker to retrieve private user data or execute operations on the [user's] behalf on remote domains," Gillon explained.

A spokeswoman for Microsoft acknowledged the flaw in a statement and said the company was unaware of active attacks against IE users.
